About hack-for-hire
Threat Analyst Group (TAG) of Google last week revealed that it blocked around 36 malicious domains used by Hacking groups in Russia, UAE, and India.
In a technique similar to surveillance ecosystems, hack-for-hire groups give their clients the leverage to launch targeted cyberattacks on corporate organizations, politicians, activists, journalists, and other users that are at high-risk.
What is Google saying?
Google in its Blog says "as part of our efforts to combat serious threat actors, we use results of our research to improve the safety and security of our products. Upon discovery, all identified websites and domains were added to Safe Browsing to protect users from further harm."
The only difference in the manners of the two is that while users buy the spyware from commercial vendors and later use it themselves, the actors behind hack-for-hire cyberattacks deploy the hacking attempts on the clients' behalf so that the buyers remain anonymous.
How does hack-for-hire operate?
The hack-for-hire ecosystem is flexible in two ways, first in how the actors deploy the attacks themselves, and second, in the large range of targets, they seek in a single campaign on their clients' behalf.
Some hacking groups publicly market their products and services to any user that is willing to pay, however, few operate in a hidden manner and sell their services to a limited public.
"We encourage any high risk user to enable Advanced Protection and Google Account Level Enhanced Safe Browsing and ensure that all devices are updated. Additionally, our CyberCrime Investigation Group is sharing relevant details and indicators with law enforcement," says Google.
Other Details
A recent campaign launched by an Indian hacking group attacked an IT company in Cyprus, a fintech organization in the Balkans, an educational institute in Nigeria, and a shopping company in Israel, hinting the wide range of victims.
According to Google Since 2012, TAG has been tracking an interwoven set of Indian hack-for-hire actors, with many having previously worked for Indian offensive security providers Appin and Belltrox.
One cluster of this activity frequently targets government, healthcare, and telecom sectors in Saudi Arabia, the United Arab Emirates, and Bahrain with credential phishing campaigns, Google adds.
